Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NASA-AMMOS/slim#25: Functional GitHub Actions-based SCRUB (CodeQL) analysis... #11

Merged
merged 1 commit into from
Mar 15, 2024
Merged

NASA-AMMOS/slim#25: Functional GitHub Actions-based SCRUB (CodeQL) analysis... #11

merged 1 commit into from
Mar 15, 2024

Conversation

ingyhere
Copy link
Collaborator

@ingyhere ingyhere commented Mar 15, 2024
edited
Loading

Purpose

  • GitHub Actions Workflow to perform SCRUB (CodeQL) analysis on push and PR

Proposed Changes

  • ADD codeql.yaml workflow file that triggers on push and PR
  • ADD codeql/codeql-config.yaml configuration for static code analysis and security scanning

Issues

Testing

@ingyhere ingyhere requested review from riverma and a team March 15, 2024 01:51
@ingyhere ingyhere self-assigned this Mar 15, 2024
jordanpadams
jordanpadams reviewed Mar 15, 2024
View reviewed changes
Copy link

@jordanpadams jordanpadams left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

on: pull_request:

is pr

codeql.yml Outdated
branches: [main, develop]
pull_request:
# The branches below must be a subset of the branches above
branches: [develop]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This probably isn't necessary since this was already checked when pushed to branch develop? But not a huge deal.

Copy link
Collaborator Author

@ingyhere ingyhere Mar 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was going for the auto-checks at PR time before it hits the branch, but yeah when it's merged/pushed it may run again. However, there could also be other changes by that time.
(Below is a similar sentiment...)
Screen Shot 2024-03-14 at 7 26 48 PM

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@ingyhere ingyhere merged commit 56919ba into NASA-AMMOS:develop Mar 15, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jordanpadams jordanpadams jordanpadams left review comments

@jpl-jengelke jpl-jengelke jpl-jengelke approved these changes

@riverma riverma Awaiting requested review from riverma

Assignees

@ingyhere ingyhere

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ingyhere @jordanpadams @jpl-jengelke